
Hiding false positives, revoked credentials, etc.

Sometimes, Security for Confluence will find false positives, credentials which have already been revoked, etc. If this happens, you can review the finding. This marks the finding, as well as any other findings which exactly match it, as reviewed in the current and future scans.

In the Soteri Dashboard, reviewed findings are not counted towards the total finding count when determining if a space is secure.

Reviewing a finding from the Security Analysis

Click the Mark reviewed button on the finding you want to review.

This will open a confirmation dialog. Note that marking a finding as reviewed saves the exact string captured by the rule (in this case, fbkey ab048ad50ffa33959a242b1ecec6ed0b). That exact string will be marked as reviewed for all existing and future scans.


Once reviewed, the finding will disappear from the Security Analysis, but can be shown again with the “Show reviewed” toggle, where it can also be unmarked.

Note that reviewed findings are scoped to a space; that is, identical findings across multiple spaces must be reviewed separately.

Exporting Reviewed Findings

Information about reviewed false positives, such as who marked them reviewed and when, may be exported from the Security Analysis by clicking “Export Space” and then “Reviewed False Positives”.

Note that reviewed false positives are stored independently of any findings. In other words, after clicking “Mark Reviewed” on a finding, that text persists and marks all future matching results as reviewed, even if the original finding is deleted.

You can also export reviewed false positives in all your spaces from the Soteri Dashboard.

Reviewing findings globally

Confluence administrators can add reviewed false positives which apply across all spaces in your Confluence instance using a CSV upload workflow.

Findings which match any of the global false positives show up as “Globally Reviewed” on the Security Analysis pages, and cannot be reviewed in the space scope.

Adding new global false positives

Navigate to the settings page. Then, click on the “Add Reviewed” button under “Globally Review Findings”.

Clicking on this button will open a modal which allows you to download a template for adding global false positives, and select an existing file to upload.

Uploaded files should be CSVs with a single column titled “Match text”. Every row will be interpreted as a case-sensitive globally reviewed text to add.

You can copy over the “Match text” column in an export to create the upload file. However, note that some spreadsheet software—notably Microsoft Excel—rounds numbers and/or displays them in scientific notation by default. We recommend LibreOffice, Apple Numbers, or Google Sheets instead.

Deleting globally reviewed false positives

Navigate to the settings page. Then, click on the “Remove Reviewed” button under “Globally Review Findings”.

Clicking on this button will open a modal which allows you to download a template for removing globally reviewed false positives, and select an existing file to upload.

Uploaded files should be CSVs with a single column titled “Match text”. Every row will be interpreted as a case-sensitive globally reviewed text to remove.

You can un-review by copying the “Match text” from an export of globally reviewed findings. However, note that some spreadsheet software—notably Microsoft Excel—rounds numbers and/or displays them in scientific notation by default. We recommend LibreOffice, Apple Numbers, or Google Sheets instead.
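An added example, not Soteri's own code: one way to build the single-column upload file from an export without opening it in a spreadsheet, so long numeric strings are never rounded or rewritten. It serves both the “Add Reviewed” and “Remove Reviewed” uploads; the function name, the sample rows and every export column name other than “Match text” are assumptions.

```python
import csv
import io
import re

# Values a spreadsheet has rewritten in scientific notation, e.g. "1.23457E+15".
SCI_NOTATION = re.compile(r"^-?\d(?:\.\d+)?[eE][+-]?\d+$")

def build_upload_csv(export_text, column="Match text"):
    """Return (csv_text, suspicious) built from an export's "Match text" column.

    csv_text is a single-column CSV ready for upload. suspicious lists values
    that look spreadsheet-mangled; they are left out of csv_text for manual review.
    """
    reader = csv.DictReader(io.StringIO(export_text, newline=""))
    if column not in (reader.fieldnames or []):
        raise ValueError(f"export has no {column!r} column")
    seen, kept, suspicious = set(), [], []
    for row in reader:
        text = row[column]
        if not text or text in seen:  # skip blanks and exact duplicates
            continue
        seen.add(text)  # matching is case-sensitive, so no case folding here
        (suspicious if SCI_NOTATION.match(text) else kept).append(text)
    out = io.StringIO(newline="")
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow([column])
    writer.writerows([t] for t in kept)
    return out.getvalue(), suspicious

# Constructed sample export; column names other than "Match text" are assumptions.
SAMPLE_EXPORT = (
    "Match text,Reviewed by,Reviewed at\n"
    "fbkey ab048ad50ffa33959a242b1ecec6ed0b,alice,2024-11-11\n"
    "1234567890123456,bob,2024-11-12\n"
    "1.23457E+15,bob,2024-11-12\n"
    "ExampleToken,carol,2024-11-13\n"
    "exampletoken,carol,2024-11-13\n"
    "ExampleToken,dave,2024-11-14\n"
)

if __name__ == "__main__":
    csv_text, suspicious = build_upload_csv(SAMPLE_EXPORT)
    print(csv_text, end="")
    for value in suspicious:
        print(f"check against the original export before uploading: {value}")
```

A value reported as suspicious no longer equals the string the scanner captured, so uploading it would neither review nor un-review the real finding; recover the original text from an unmodified export instead.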

Exporting globally reviewed false positives

Navigate to the settings page. Then, click on the “Export” button under “Globally Review Findings”.

Exports are in CSV format and include:

  • The exact text that is considered reviewed

  • Who reviewed it

  • When it was reviewed
